PT-2025-51640 · Linux+3 · Linux Kernel+3

Published 2025-12-16 · Updated 2026-05-07 · CVE-2025-68227

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A flaw exists in the Linux kernel’s MPTCP implementation related to protocol fallback detection with BPF. The issue arises when a server has MPTCP enabled but a client sends a TCP SYN without MPTCP, leading to an incorrect comparison of socket protocols during subflow handling. Specifically, sk_prot is used for the comparison instead of the more generic sk_family, potentially leading to incorrect socket operations. This can occur during the mptcp_stream_accept() function, triggered by a BPF sockops call. The fix involves using sk_family for the comparison. This also resolves a WARNING message observed in the kernel logs during the mptcp_stream_accept() function. The vulnerable code path involves the following functions: tcp_rcv_state_process(), syn_recv_sock(), subflow_syn_recv_sock(), tcp_init_transfer(), bpf_skops_established(), bpf_sock_map_update(), tcp_bpf_update_proto(), subflow_ulp_fallback(), subflow_drop_ctx(), and mptcp_subflow_ops_undo_override().

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

AZL-72503
BDU:2026-05113
CVE-2025-68227
ECHO-64AB-9D99-917A
MGASA-2026-0017
MGASA-2026-0018
OPENSUSE-SU-2026:20287-1
SUSE-SU-2026:0447-1
SUSE-SU-2026:0472-1
SUSE-SU-2026:0587-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20555-1
SUSE-SU-2026:20599-1
SUSE-SU-2026:20615-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
USN-8094-1
USN-8094-2
USN-8094-3
USN-8094-4
USN-8094-5
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8096-1
USN-8096-2
USN-8096-3
USN-8096-4
USN-8096-5
USN-8100-1
USN-8116-1
USN-8125-1
USN-8126-1
USN-8141-1
USN-8152-1
USN-8163-1
USN-8163-2
USN-8165-1
USN-8243-1
USN-8261-1

Affected Products

Debian
Linuxmint
Linux Kernel
Ubuntu